OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/net/chrome_fraudulent_certificate_reporter.h" | 5 #include "chrome/browser/net/chrome_fraudulent_certificate_reporter.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/bind.h" | 9 #include "base/bind.h" |
10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
11 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/scoped_ptr.h" |
12 #include "base/message_loop/message_loop.h" | 12 #include "base/message_loop/message_loop.h" |
13 #include "base/synchronization/waitable_event.h" | 13 #include "base/synchronization/waitable_event.h" |
14 #include "base/threading/thread.h" | 14 #include "base/threading/thread.h" |
15 #include "content/public/test/test_browser_thread.h" | 15 #include "content/public/test/test_browser_thread.h" |
16 #include "net/base/request_priority.h" | 16 #include "net/base/request_priority.h" |
17 #include "net/base/test_data_directory.h" | 17 #include "net/base/test_data_directory.h" |
18 #include "net/cert/x509_certificate.h" | 18 #include "net/cert/x509_certificate.h" |
19 #include "net/http/transport_security_state.h" | 19 #include "net/http/transport_security_state.h" |
20 #include "net/ssl/ssl_info.h" | 20 #include "net/ssl/ssl_info.h" |
21 #include "net/test/cert_test_util.h" | 21 #include "net/test/cert_test_util.h" |
22 #include "net/url_request/fraudulent_certificate_reporter.h" | 22 #include "net/url_request/fraudulent_certificate_reporter.h" |
23 #include "net/url_request/url_request.h" | 23 #include "net/url_request/url_request.h" |
24 #include "net/url_request/url_request_context.h" | 24 #include "net/url_request/url_request_context.h" |
25 #include "net/url_request/url_request_test_util.h" | 25 #include "net/url_request/url_request_test_util.h" |
26 #include "testing/gtest/include/gtest/gtest.h" | 26 #include "testing/gtest/include/gtest/gtest.h" |
27 | 27 |
28 using content::BrowserThread; | 28 using content::BrowserThread; |
| 29 using net::FraudulentCertificateReporter; |
29 using net::SSLInfo; | 30 using net::SSLInfo; |
30 | 31 |
31 namespace chrome_browser_net { | 32 namespace chrome_browser_net { |
32 | 33 |
33 // Builds an SSLInfo from an invalid cert chain. In this case, the cert is | 34 // Builds an SSLInfo from an invalid cert chain. In this case, the cert is |
34 // expired; what matters is that the cert would not pass even a normal | 35 // expired; what matters is that the cert would not pass even a normal |
35 // sanity check. We test that we DO NOT send a fraudulent certificate report | 36 // sanity check. We test that we DO NOT send a fraudulent certificate report |
36 // in this case. | 37 // in this case. |
37 static SSLInfo GetBadSSLInfo() { | 38 static SSLInfo GetBadSSLInfo() { |
38 SSLInfo info; | 39 SSLInfo info; |
(...skipping 36 matching lines...)
75 : ChromeFraudulentCertificateReporter(request_context) {} | 76 : ChromeFraudulentCertificateReporter(request_context) {} |
76 }; | 77 }; |
77 | 78 |
78 class SendingTestReporter : public TestReporter { | 79 class SendingTestReporter : public TestReporter { |
79 public: | 80 public: |
80 explicit SendingTestReporter(net::URLRequestContext* request_context) | 81 explicit SendingTestReporter(net::URLRequestContext* request_context) |
81 : TestReporter(request_context), passed_(false) {} | 82 : TestReporter(request_context), passed_(false) {} |
82 | 83 |
83 // Passes if invoked with a good SSLInfo and for a hostname that is a Google | 84 // Passes if invoked with a good SSLInfo and for a hostname that is a Google |
84 // pinned property. | 85 // pinned property. |
85 void SendReport(const std::string& hostname, | 86 void SendReport(ReportType type, |
| 87 const std::string& hostname, |
86 const SSLInfo& ssl_info) override { | 88 const SSLInfo& ssl_info) override { |
87 EXPECT_TRUE(IsGoodSSLInfo(ssl_info)); | 89 EXPECT_TRUE(IsGoodSSLInfo(ssl_info)); |
88 EXPECT_TRUE(net::TransportSecurityState::IsGooglePinnedProperty(hostname)); | 90 EXPECT_TRUE(net::TransportSecurityState::IsGooglePinnedProperty(hostname)); |
89 passed_ = true; | 91 passed_ = true; |
90 } | 92 } |
91 | 93 |
92 ~SendingTestReporter() override { | 94 ~SendingTestReporter() override { |
93 // If the object is destroyed without having its SendReport method invoked, | 95 // If the object is destroyed without having its SendReport method invoked, |
94 // we failed. | 96 // we failed. |
95 EXPECT_TRUE(passed_); | 97 EXPECT_TRUE(passed_); |
96 } | 98 } |
97 | 99 |
98 bool passed_; | 100 bool passed_; |
99 }; | 101 }; |
100 | 102 |
101 class NotSendingTestReporter : public TestReporter { | 103 class NotSendingTestReporter : public TestReporter { |
102 public: | 104 public: |
103 explicit NotSendingTestReporter(net::URLRequestContext* request_context) | 105 explicit NotSendingTestReporter(net::URLRequestContext* request_context) |
104 : TestReporter(request_context) {} | 106 : TestReporter(request_context) {} |
105 | 107 |
106 // Passes if invoked with a bad SSLInfo and for a hostname that is not a | 108 // Passes if invoked with a bad SSLInfo and for a hostname that is not a |
107 // Google pinned property. | 109 // Google pinned property. |
108 void SendReport(const std::string& hostname, | 110 void SendReport(ReportType type, |
| 111 const std::string& hostname, |
109 const SSLInfo& ssl_info) override { | 112 const SSLInfo& ssl_info) override { |
110 EXPECT_FALSE(IsGoodSSLInfo(ssl_info)); | 113 EXPECT_FALSE(IsGoodSSLInfo(ssl_info)); |
111 EXPECT_FALSE(net::TransportSecurityState::IsGooglePinnedProperty(hostname)); | 114 EXPECT_FALSE(net::TransportSecurityState::IsGooglePinnedProperty(hostname)); |
112 } | 115 } |
113 }; | 116 }; |
114 | 117 |
115 // A ChromeFraudulentCertificateReporter that uses a MockURLRequest, but is | 118 // A ChromeFraudulentCertificateReporter that uses a MockURLRequest, but is |
116 // otherwise normal: reports are constructed and sent in the usual way. | 119 // otherwise normal: reports are constructed and sent in the usual way. |
117 class MockReporter : public ChromeFraudulentCertificateReporter { | 120 class MockReporter : public ChromeFraudulentCertificateReporter { |
118 public: | 121 public: |
119 explicit MockReporter(net::URLRequestContext* request_context) | 122 explicit MockReporter(net::URLRequestContext* request_context) |
120 : ChromeFraudulentCertificateReporter(request_context) {} | 123 : ChromeFraudulentCertificateReporter(request_context) {} |
121 | 124 |
122 scoped_ptr<net::URLRequest> CreateURLRequest( | 125 scoped_ptr<net::URLRequest> CreateURLRequest( |
123 net::URLRequestContext* context) override { | 126 net::URLRequestContext* context, |
| 127 const GURL& upload_url) override { |
124 return context->CreateRequest(GURL(std::string()), | 128 return context->CreateRequest(GURL(std::string()), |
125 net::DEFAULT_PRIORITY, | 129 net::DEFAULT_PRIORITY, |
126 NULL, | 130 NULL, |
127 NULL); | 131 NULL); |
128 } | 132 } |
129 | 133 |
130 void SendReport(const std::string& hostname, | 134 void SendReport(ReportType type, |
| 135 const std::string& hostname, |
131 const net::SSLInfo& ssl_info) override { | 136 const net::SSLInfo& ssl_info) override { |
132 DCHECK(!hostname.empty()); | 137 DCHECK(!hostname.empty()); |
133 DCHECK(ssl_info.is_valid()); | 138 DCHECK(ssl_info.is_valid()); |
134 ChromeFraudulentCertificateReporter::SendReport(hostname, ssl_info); | 139 ChromeFraudulentCertificateReporter::SendReport(REPORT_TYPE_PIN_VIOLATION, |
| 140 hostname, ssl_info); |
135 } | 141 } |
136 }; | 142 }; |
137 | 143 |
138 static void DoReportIsSent() { | 144 static void DoReportIsSent() { |
139 net::TestURLRequestContext context; | 145 net::TestURLRequestContext context; |
140 SendingTestReporter reporter(&context); | 146 SendingTestReporter reporter(&context); |
141 SSLInfo info = GetGoodSSLInfo(); | 147 SSLInfo info = GetGoodSSLInfo(); |
142 reporter.SendReport("mail.google.com", info); | 148 reporter.SendReport(FraudulentCertificateReporter::REPORT_TYPE_PIN_VIOLATION, |
| 149 "mail.google.com", info); |
143 } | 150 } |
144 | 151 |
145 static void DoReportIsNotSent() { | 152 static void DoReportIsNotSent() { |
146 net::TestURLRequestContext context; | 153 net::TestURLRequestContext context; |
147 NotSendingTestReporter reporter(&context); | 154 NotSendingTestReporter reporter(&context); |
148 SSLInfo info = GetBadSSLInfo(); | 155 SSLInfo info = GetBadSSLInfo(); |
149 reporter.SendReport("www.example.com", info); | 156 reporter.SendReport(FraudulentCertificateReporter::REPORT_TYPE_PIN_VIOLATION, |
| 157 "www.example.com", info); |
150 } | 158 } |
151 | 159 |
152 static void DoMockReportIsSent() { | 160 static void DoMockReportIsSent() { |
153 net::TestURLRequestContext context; | 161 net::TestURLRequestContext context; |
154 MockReporter reporter(&context); | 162 MockReporter reporter(&context); |
155 SSLInfo info = GetGoodSSLInfo(); | 163 SSLInfo info = GetGoodSSLInfo(); |
156 reporter.SendReport("mail.google.com", info); | 164 reporter.SendReport(FraudulentCertificateReporter::REPORT_TYPE_PIN_VIOLATION, |
| 165 "mail.google.com", info); |
157 } | 166 } |
158 | 167 |
159 TEST(ChromeFraudulentCertificateReporterTest, GoodBadInfo) { | 168 TEST(ChromeFraudulentCertificateReporterTest, GoodBadInfo) { |
160 SSLInfo good = GetGoodSSLInfo(); | 169 SSLInfo good = GetGoodSSLInfo(); |
161 EXPECT_TRUE(IsGoodSSLInfo(good)); | 170 EXPECT_TRUE(IsGoodSSLInfo(good)); |
162 | 171 |
163 SSLInfo bad = GetBadSSLInfo(); | 172 SSLInfo bad = GetBadSSLInfo(); |
164 EXPECT_FALSE(IsGoodSSLInfo(bad)); | 173 EXPECT_FALSE(IsGoodSSLInfo(bad)); |
165 } | 174 } |
166 | 175 |
(...skipping 12 matching lines...)
179 } | 188 } |
180 | 189 |
181 TEST(ChromeFraudulentCertificateReporterTest, ReportIsNotSent) { | 190 TEST(ChromeFraudulentCertificateReporterTest, ReportIsNotSent) { |
182 base::MessageLoopForIO loop; | 191 base::MessageLoopForIO loop; |
183 content::TestBrowserThread io_thread(BrowserThread::IO, &loop); | 192 content::TestBrowserThread io_thread(BrowserThread::IO, &loop); |
184 loop.PostTask(FROM_HERE, base::Bind(&DoReportIsNotSent)); | 193 loop.PostTask(FROM_HERE, base::Bind(&DoReportIsNotSent)); |
185 loop.RunUntilIdle(); | 194 loop.RunUntilIdle(); |
186 } | 195 } |
187 | 196 |
188 } // namespace chrome_browser_net | 197 } // namespace chrome_browser_net |
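Review bot: MockReporter::SendReport (new lines 134-141) accepts the new `type` argument but forwards a hard-coded `REPORT_TYPE_PIN_VIOLATION` to the base class, so any other report type passed to the mock would be silently exercised as a pin violation; forward the argument instead: `ChromeFraudulentCertificateReporter::SendReport(type, hostname, ssl_info);`. The CreateURLRequest override (new lines 125-132) likewise ignores the new `upload_url` and still builds the request from `GURL(std::string())`, so nothing in this test checks which endpoint a report would go to; at minimum `EXPECT_TRUE(upload_url.is_valid());` before creating the request would catch an empty or malformed upload URL. SendingTestReporter::SendReport and NotSendingTestReporter::SendReport also never look at `type`, so a line such as `EXPECT_EQ(REPORT_TYPE_PIN_VIOLATION, type);` in SendingTestReporter would pin the value the helpers pass. All three Do* helpers use only REPORT_TYPE_PIN_VIOLATION; if ReportType has other values (not visible on this page), they have no coverage here.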